Law enforcement calls it “Apple picking”. It’s really just a new kind of snatch and dash, but smartphone thievery boosted overall year-over-year theft statistics for the Chicago Transit Authority by 23% in June 2011. And it’s not just happening in Chicago. Many other urban centers are on the same trend line.
In New York City, transit police are currently conducting undercover operations to discourage device theft on the subways. The plain clothes officers travel the rails, with up to 200 undercover police patrolling at any given time. The NYPD knows the score. Pickpockets love smartphones. In London, the transit authority has issued this warning to tube riders. “Treat your iPhone like a 100 pound note, because that is what a thief sees when you use it in public.” Over the last year there, thieves have become increasingly brazen. Daylight robberies have become routine, where devices are snatched right out of callers’ hands, even while conversations are in progress.
This sort of crime is a triple threat to mobile business workers. First, it deprives them of tools, data, and communications necessary to do their work; second, it must be assumed that whether the theft was targeted or not, the business data on the phone may be subject compromised; and third, these devices are not cheap.
Companies need to be prepared for device theft and loss because it’s going to happen. Here are some things you can do:
· Data encryption should be routine for all business data that resides on the phone for any amount of time. If workers keep sensitive personal data on the phone as well, things like personal identification information, credit card and bank account numbers, passwords, or any other kind of sensitive information, they would be wise to encrypt all this data. Businesses can and should mandate this for their workers. Of course they will need a security management platform and consistent security policies and practices to enforce it.
· Access to all business functions should be password protected.
· Maintain 24/7 availability of mobile application management facilities for remote device wipe and remote lockdown. Employees need to be encouraged to contact a company hot line right away if they suspect their phone is lost or stolen. Reward them for this action. Delays can be costly. Companies should also have rules for automatic data fading in place in case a user does not know right away that their phone has been stolen.
· Particularly in a “bring your own device” (BYOD) company, workers should be encouraged to get theft insurance, to be aware of its provisions for device replacement, and to carry contact information for the insurer in a place that is separate from both phone and wallet.
· Several carriers and phone vendors provide services for tracking stolen devices. Again, device users should carry contact information for these services in a place separate from wallet and phone. To have a chance of locating a device, it is very important to contact the locator service as quickly as possible. Thieves may be savvy enough to ditch the SIM card.
Educate mobile business users about the risks of losing a device and best practices for keeping data secure. It helps to have a “culture of security” in which the company has clear security policies, a platform the enables and enforces best practices, and users who know what to do if the worst happens.